HIPAA Notice of Privacy Practices
The Health Insurance Portability & Accountability Act of 1996 (HIPAA) is a federal law governing the privacy of individually identifiable health information. We are required by HIPAA to notify you of the availability of our Notice of Privacy Practices. This notice describes our privacy practices, legal duties and your rights concerning your Protected Health Information (PHI) and includes provisions outlined in the 2013 HIPAA Final Omnibus Rule.
Your Protected Health Information
We may collect, use and share your PHI for the following reasons:
For payment:We use and share PHI to manage your account or benefits and to obtain reimbursement for the health care services we provide.
For health care operations: We use and share PHI for our health care operations. For example, we may use PHI to review the quality of care and services you receive.
For treatment activities: We use and share PHI to ensure you receive the treatment you need.
To you: We must give you access to your own PHI. We may send you reminders about required follow-up care.
To others: You may tell us in writing that it is okay for us to give your PHI to someone else for any reason. Also, if you are present and tell us it is okay, we may give your PHI to a family member, friend or other person. We would do this if it has to do with your current treatment or payment for your treatment. If you are not present, if it is an emergency, or you are not able to tell us it is okay, we may give your PHI to a family member, friend or other person if sharing your PHI is in your best interest.
As allowed or required by law: We may also share your PHI, as allowed by federal law, for many types of activities. PHI can be shared for health oversight activities. It can also be shared for judicial or administrative proceedings, with public health authorities, for law enforcement reasons, and with coroners, funeral directors or medical examiners (about decedents). PHI can also be shared with organ donation groups for certain reasons, for research, and to avoid a serious threat to health or safety. It can be shared for special government functions, for Workers’ Compensation, to respond to requests from the U.S. Department of Health and Human Services, and to alert proper authorities if we reasonably believe you may be a victim of abuse, neglect, domestic violence or other crimes. PHI can also be used to report certain information to the U.S. Food & Drug Administration about medical devices that break or malfunction.
Authorization: We will obtain permission from you in writing before we use or share your PHI for any other purpose not stated in this notice. You may withdraw your authorization, in writing, at any time. We will then stop using your PHI for that purpose. If we have already used or shared your PHI based on your authorization, we cannot undo any actions we took before you told us to stop.
How We Protect Information
We are dedicated to protecting your PHI and have set up a number of policies and practices to make sure your PHI is kept secure.
We keep your oral, written and electronic PHI safe using physical, electronic and procedural means. These safeguards follow federal and state laws. Some of the ways we keep your PHI safe include securing offices that hold PHI, password-protecting computers, and locking storage areas and filing cabinets. We require our employees to protect PHI through written policies and procedures. These policies limit access to PHI to only those employees who need the data to perform their job. Employees are also required to wear ID badges to help keep people who do not belong out of areas where sensitive data is kept.
Your Rights: You may:
- Receive a copy of this Notice of Privacy Practices
- Request limits on disclosure of your PHI
- Receive access to view some or all of your medical record
- Receive a paper or electronic copy of your medical record within 30 days of your documented request
- Request an amendment to your PHI
- Expect your record to be amended within 60 days of your request
- Restrict disclosure of PHI to a health plan when you pay in full at the time of service
- Receive a record of how we have used and/or shared your health information
- Receive information on how to file a complaint if you feel your privacy has been violated
- Opt out of fundraising efforts (when applicable)
- Not sell your PHI
- Notify you in the event of a breach of your PHI
Contact for further information concerning our privacy practices: You may contact the Privacy Officer at (303) 938-5470.
Complaints: If you think we have not protected your privacy, you can file a complaint with us. You may also file a complaint with the Office for Civil Rights in the U.S. Department of Health & Human Services. We will not take action against you for filing a complaint.